Category: Publications

Privacy and Security Threat Models and Mitigation Strategies of Older Adults (SOUPS ’19)

AbstractOlder adults (65+) are becoming primary users of emerging smart systems, especially in health care. However, these technologies are often not designed for older users and can pose serious privacy and security concerns due to their novelty, complexity, and propensity to collect and communicate vast amounts of sensitive information. Efforts to address such concerns must […]

Privacy Attitudes of Smart Speaker Users (PETS ’19)

AbstractAs devices with always-on microphones located in people’s homes, smart speakers have significant privacy implications. We surveyed smart speaker owners about their beliefs, attitudes, and concerns about the recordings that are made and shared by their devices. To ground participants’ responses in concrete interactions, rather than collecting their opinions abstractly, we framed our survey around […]

Information Design in An Aged Care Context (PervasiveHealth ’19)

AbstractThe adoption of technological solutions for aged care is rapidly increasing in developed countries. New technologies facilitate the sharing of health information among the “care triad”: the elderly care recipient, their family, and care staff. In order to develop user-centered technologies for this population, we believe that it is necessary to first examine their views […]

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System (USENIX Sec ’19)

Abstract Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources. However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels. Side channels present in the implementation of the permission system allow apps to access the data […]

On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies (ConPro ’19)

AbstractThe dominant privacy framework of the information age relies on notions of “notice and consent.” That is, service providers will disclose, often through privacy policies, their data collection practices, and users can then consent to their terms. However, it is unlikely that most users comprehend these disclosures, which is due in no small part to […]

Do You Get What You Pay For? Comparing The Privacy Behaviors of Free vs. Paid Apps (ConPro ’19)

AbstractIt is commonly assumed that the availability of “free” mobile apps comes at the cost of consumer privacy, and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by investigating the degree to which “free” apps and their paid premium versions […]

A Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions (CHI ’19)

AbstractCommitment devices are a technique from behavioral economics that have been shown to mitigate the effects of present bias—the tendency to discount future risks and gains in favor of immediate gratifications. In this paper, we explore the feasibility of using commitment devices to nudge users towards complying with varying online security mitigations. Using two online […]

The Accuracy of the Demographic Inferences Shown on Google’s Ad Settings (WPES ’18)

AbstractGoogle’s Ad Settings shows the gender and age that Google hasinferred about a web user. We compare the inferred values to theself-reported values of 501 survey participants. We find that Googleoften does not show an inference, but when it does, it is typicallycorrect. We explore which usage characteristics, such as using privacyenhancing technologies, are associated […]

Better Late(r) than Never: Increasing Cyber-Security Compliance by Reducing Present Bias (WEIS ’18)

Abstract Despite recent advances in increasing computer security by eliminating human involvement and error, there are still situations in which humans must manually perform computer security tasks, such as enabling automatic updates, rebooting machines to apply some of those updates, or enrolling in two-factor authentication. We argue that present bias—the tendency to discount future risks […]

“What Can’t Data Be Used For?” Privacy Expectations about Smart TVs in the U.S. (EuroUSEC ’18)

Abstract Smart TVs have rapidly become the most common smart appliance in typical households. In the U.S., most television sets on the market have advanced sensors not traditionally found on conventional TVs, such as a microphone for voice commands or a camera for photo or video input. These new sensors enable features that are convenient, […]